From 9a38b823b8c94b03448c82a1695943f3e19b92d1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 15 Sep 2022 08:46:51 +0200
Subject: conntrack: T4691: lower "tcp max-retrans" upper limit

Kernel 5.15.y and newer only support an upper boundary of 255.

vyos@vyos:~$ sudo sysctl -w net.netfilter.nf_conntrack_tcp_max_retrans=255
net.netfilter.nf_conntrack_tcp_max_retrans = 255

vyos@vyos:~$ sudo sysctl -w net.netfilter.nf_conntrack_tcp_max_retrans=256
sysctl: setting key "net.netfilter.nf_conntrack_tcp_max_retrans": Invalid argument
---
 interface-definitions/system-conntrack.xml.in | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
index 14f12b569..5810a97c6 100644
--- a/interface-definitions/system-conntrack.xml.in
+++ b/interface-definitions/system-conntrack.xml.in
@@ -259,13 +259,13 @@
               </leafNode>
               <leafNode name="max-retrans">
                 <properties>
-                  <help>TCP maximum retransmit attempts</help>
+                  <help>Maximum number of packets that can be retransmitted without received an ACK</help>
                   <valueHelp>
-                    <format>u32:1-2147483647</format>
-                    <description>Generic connection timeout in seconds</description>
+                    <format>u32:1-255</format>
+                    <description>Number of packets to be retransmitted</description>
                   </valueHelp>
                   <constraint>
-                    <validator name="numeric" argument="--range 1-2147483647"/>
+                    <validator name="numeric" argument="--range 1-255"/>
                   </constraint>
                 </properties>
                 <defaultValue>3</defaultValue>
-- 
cgit v1.2.3